As BYOD explodes, IT managers learn to cope

Pity the poor IT manager trying to get his arms around the bring-your-own-device (BYOD) movement.

Even the most cutting-edge tech leaders -- those who are working to make mobile devices secure and productive corporate tools -- are feeling overwhelmed by the frenetic pace of change in the marketplace.

While Apple iOS devices have dominated the landscape, the surging popularity of Android phones and tablets and the emergence of platforms like Windows 8 and BlackBerry 10 promise to open the floodgates to an even wider range of personal devices vying for corporate resources. For IT, that means new and more complicated support and security challenges ahead.

Corporate policy now requires mobile users to have encryption and password protection on their devices -- and the MDM system automatically enforces those policies. "As soon as the user registers with the MDM, it checks to see if the device is compliant with our security controls," Winter says.

The biggest pain point now involves users' lingering concerns about privacy, he says. "Users are concerned that if they take their personal device and connect to the corporate network, the business can see their personal data, listen in on conversations with loved ones or see pictures of their kids," Winter says.

Standardizing on one mobile platform was also critical for simplifying development and support -- an important point when budgets are tight and resources are limited. "By mandating one platform," Snyder says, "we can develop one app and not have to support all those additional permutations of devices."

• How it's coping: Even though the MCCA supports only one mobile platform and supplies the devices, mobile device management is still critical for control, Snyder says. The agency uses the AirWatch MDM system to build user profiles, shut down devices if necessary, wipe devices if there's a problem and push out apps.

Users are not restricted from using the corporate-owned iPhones or iPads for personal reasons -- they're even allowed to tie the devices to their personal iTunes accounts. "We're not going to be Big Brother, but if we need to wipe it, we're going to wipe it, and it's too bad if you don't have your stuff backed up," Snyder says. IT doesn't get much pushback on that policy, he says, because the procedures are clearly spelled out in the policy manuals, and users are generally thrilled to be working with a high-end device on the company's dime.

• How it's coping: The team settled on Apple devices because "they were the best in practice for manageability," Hensley says, but the choice also reflected what users wanted.

Users who meet the justification criteria and get management approval to use a mobile device are given a company-issued iPhone or iPad and get access to email, contacts and calendars in Outlook Exchange. Employees approved for mobile usage who opt to purchase their own Apple device can also port their personal number to the company plan and will be able to maintain their original refresh cycles on the hardware, Hensley says.

Currently, the company is using Microsoft ActiveSync for MDM, which Hensley says provides visibility into who is accessing company information and gives administrators the ability to block access if necessary. Using the Bomgar remote help desk platform, Clif Bar has automated remote provisioning and activation of devices. Bomgar can also walk users through the process of connecting the device to the corporate network.

• What's on the horizon: Novation is prototyping an MDM strategy using the AirWatch platform, which will provide important security controls, including the ability to identify devices, block jail-broken equipment and perform remote wipes. Eventually, Novation would like to move to "agentless" MDM, which doesn't reside on the client device, Ramas says. This option would still provide critical controls like passcode enforcement but would be slightly less onerous from the user's point of view, because it would allow IT to perform selective wipes but wouldn't leave users feeling as though IT is policing their personal data. "We're looking for a happy medium," says Ramas, noting that use of mobile devices would decline if IT was too strict about security.